MISP
/
misp-galaxy
mirror of https://github.com/MISP/misp-galaxy
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #195 from droe/master 

Add Comnie RAT
pull/196/merge
Alexandre Dulaunoy 2018-04-17 19:30:42 +02:00 committed by GitHub
parent 13ca5c4245 8c861848f8
commit fb4236acff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
clusters/rat.json
View File

@ -2421,6 +2421,17 @@
"https://github.com/xlinshan/Coldroot" "https://github.com/xlinshan/Coldroot"
] ]
} }
},
{
"value": "Comnie",
"description": "Comnie is a RAT originally identified by Sophos. It has been using Github, Tumbler and Blogspot as covert channels for its C2 communications. Comnie has been observed targetting government, defense, aerospace, high-tech and telecommunication sectors in Asia.",
"uuid": "fbc5bbb2-38b4-4fa3-9b9f-624e05cdc648",
"meta": {
"refs": [
"https://exchange.xforce.ibmcloud.com/collection/East-Asia-Organizations-Victims-of-Comnie-Attack-12749a9dbc20e2f40b3ae99c43416d8c",
"https://researchcenter.paloaltonetworks.com/2018/01/unit42-comnie-continues-target-organizations-east-asia/"
]
}
} }
] ]
} }